From: "Graham"
Reply-To: rsgb_lf_group@blacksheep.org
Date: Wed, 25 Jan 2012 21:27:01 -0000
Subject: Re: LF: A bit off topic

The secret server is funded by donations and provides the web-based functions, users, distance calculations, links and qrz interface, enhancing the HCI aspect of the system... nice to know where the donations go!

PSK stats show ~1000 uses in a 7 day period, so if there were ongoing problems, I'm sure the email inbox would be overloaded. Latest jolly jape is based on distance units .. CPU loading is now much reduced and single mode decode can be selected to reduce overheads; new decode engine is more effective in high noise levels.

Could do with a 136 fog horn to try for some real DX before the season ends! JA stations are running Op now, no 136 in down under yet ..

73 -G..

From: mal hamilton
Sent: Tuesday, January 24, 2012 10:43 PM
To: rsgb_lf_group@blacksheep.org
Subject: Re: LF: A bit off topic

Roger
I take it you are not keen on Opera?
I do not have these problems with CW or QRSS, they are sure fire every time. From what I read on here it has no advantage over QRSS but seems to consume a lot of time discussing its merits, needs a severe dose of anti virus medicine and devours your CPU
GL de Mal/G3KEV

----- Original Message -----
From: Roger Lapthorn
To: rsgb_lf_group@blacksheep.org
Sent: Tuesday, January 24, 2012 8:55 PM
Subject: Re: LF: A bit off topic

Are we sure this isn't a way for the program to check for upgrade notifications from its Spanish creator?

Here I have not re-installed OPERA since I had PC load problems a few weeks ago when running an earlier version. It still sounds not yet fully proven or spyware free. A pity as it looks a useful program. I wish Joe K1JT had written it and then we would have total openness and confidence.

73s
Roger G3XBM

On 24 January 2012 20:09, Steinar Aanesland wrote:

Mike

By the way, this "calling home" mechanism seems to be incorporated in the latest ROS version too.
Same remote Address 88.14.57.81, same remote Port 8001 and same remote host antiarrl.dyndns.org

My advice is to install a firewall that checks outgoing traffic, such as zonealarm http://www.zonealarm.com/ when playing with this kind of software.

LA5VNA S

-----Original Message-----
From: owner-rsgb_lf_group@blacksheep.org [mailto:owner-rsgb_lf_group@blacksheep.org] On Behalf Of Steinar Aanesland
Sent: 24. januar 2012 01:11
To: rsgb_lf_group@blacksheep.org
Subject: RE: LF: A bit off topic

Hi Mike

Thanks for your reply. I know the mechanism that allows Symantec to stop an unknown application, but I don't think this is the reason this time.
As you probably know, Symantec 12.1 has a mechanism called sonar. Sonar analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior.

I think sonar was triggered by some strange network behavior. To test my theory, I turned off the sonar function, and did packet sniffing on the network when Opera started.

Opera made a connection to the following IP addresses:

Cluster reporter:
-----------
TCP
Remote Address 176.31.252.203
Local Port 3739
Remote Port 8000
Local Host
Remote Host
Service Name
Nameservers ns.dxfuncluster.com

The Opera chat channel:
----------
TCP
Remote Address 66.220.151.99
Local Port 1060
Remote Port 5222
Local Host
Remote Host
Service Name
Reverse DNS jabber-03-01-tfbnw.net snc6.
http://www.plotip.com/ip/66.220.151.99

The first two addresses may be explained by the cluster and chat function in Opera, but I can't find any connection in the software to the last address:
----------
TCP
Remote Address 88.14.57.81
Local Port 3740
Remote Port 8001
Local Host
Remote Host antiarrl.dyndns.org
IP address country: Spain
IP address state: Murcia
IP address city: San Javier

And why Opera is trying to transfer the following string "1 #### #### ####" to "ANTIARRL.DYNDNS.ORG" located some place in Spain is a mystery.

My conclusion is to leave this software alone.

73 de la5vna Steinar

-----Original Message-----
From: Mike Dennison [mailto:mike.dennison@ntlworld.com]
Sent: 22. januar 2012 16:44
To: Steinar Aanesland
Subject: Re: LF: A bit off topic

Steinar,

I have only now read your message. Are you still having problems?

My version of Norton/Symantec deleted Opera when I ran it. It decided that, because it did not know about the software, it was therefore suspicious. It is possible to configure Norton to ignore some files or folders, and that was my fix. If you need details I will try to remember how I did it.

73 de Mike, G3XDV
-----------------------------

> I know this is a bit off topic, but is there anyone here using Symantec
> Endpoint Protection ver 12.1 ?
>
> I am trying to use a new ham software but my antivirus sees this
> software as a risk.
>
> la5vna Steinar

--
http://qss2.blogspot.com/
http://g3xbm-qrp.blogspot.com/
http://www.g3xbm.co.uk
https://sites.google.com/site/sub9khz/
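The triage Steinar describes in the thread, as an added example that is not part of the original messages or of any program discussed in them: it parses a connection listing in the format he posted and reports each destination that has no known purpose. The FIELDS and EXPLAINED tables, the function names and the third record's label are assumptions made for the example.

```python
import re

# Abridged from the listing posted in the thread; the third label is constructed.
CAPTURE = """\
Cluster reporter:
-----------
Remote Address 176.31.252.203
Remote Port 8000
Remote Host
Nameservers ns.dxfuncluster.com
The Opera chat channel:
----------
Remote Address 66.220.151.99
Remote Port 5222
Reverse DNS jabber-03-01-tfbnw.net snc6.
Third destination:
----------
Remote Address 88.14.57.81
Remote Port 8001
Remote Host antiarrl.dyndns.org
"""

FIELDS = ("Remote Address", "Remote Port", "Remote Host", "Nameservers", "Reverse DNS")
# Assumption: only these two destinations map to a visible program feature.
EXPLAINED = {("176.31.252.203", 8000): "cluster reporter",
             ("66.220.151.99", 5222): "chat channel"}

def parse(text):
    """Split the listing into one dict per connection."""
    records, prev = [], ""
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"-{5,}", line):       # a dashed rule opens a record
            records.append({"label": prev.rstrip(": ")})
        elif records:
            for name in FIELDS:
                if line.startswith(name):      # the value may be empty
                    records[-1][name] = line[len(name):].strip()
        prev = line
    return records

def unexplained(records):
    """Return (address, port, host) for destinations with no known purpose."""
    out = []
    for r in records:
        key = (r.get("Remote Address"), int(r.get("Remote Port") or 0))
        if key not in EXPLAINED:
            out.append((*key, r.get("Remote Host") or "?"))
    return out
print(unexplained(parse(CAPTURE)))
```

Matching on the address and port pair rather than the address alone means a known host contacted on an unexpected port is still reported.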